Stored XSS [Payload Execution]

Stored Cross Site Scripting

Hello Friends,

This is my 29th blog on web application security penetration testing. In this blog I will explain Stored XSS payload execution, i.e. what happens when the malicious payload we saved to the DB in blog 28 is read back and rendered on the front end.

In my last blog, I explained Stored XSS [Front-end To Back-end] as a step-by-step process with debugging enabled, so that you can see how a malicious payload passes from the front end to the backend when validation and sanitization are not in place.

What is Stored Cross Site Scripting?

Stored Cross Site Scripting [Stored in Database]: when user-supplied input is not validated or sanitized properly, is stored in the database, and is later read back from the database and rendered in some other part of the application, we call it a stored cross site scripting attack.

How to Test for Stored XSS?

1] Find pages which collect user information or other data and save it to the DB, such as a signup page, comment box, contact us page, etc.

2] Enter some simple text and click submit. If it is stored in the DB and displayed on a page, that is a good place to test for stored XSS.

3] Enter the payload and submit it to the server. Re-visit the same page, or a different page where the payload is read back from the DB; if the payload executes, there is stored XSS.

Lab Setup:

To demonstrate Stored Cross Site Scripting, I created a sign-up/Register page in the previous blog; in this blog we will see how execution takes place when the malicious data comes back from the DB.

I used the following technologies:

Microsoft Visual Studio 2015

Microsoft SQL Server 2008

Firefox Web Browser

Note: Disable the built-in request validation (ASP.NET's XSS prevention) at page level by setting the property below to false: ValidateRequest="False".

Disabling XSS Prevention in asp.net web application at page level

Below is the Step-by-step POC:

1. I created a new webpage called "ViewRegisterDetails.aspx". This page takes the data we stored earlier in the DB through our Registration process and binds it to the front-end web page, i.e. our HTML web form.

Note: The payload stored in the DB for id=5 is "><script>alert(1)</script>

Data View from Backend Database

2. Below is the code written to read the data from the DB and display it on the front-end web form, i.e. ViewRegisterDetails.aspx.

Code to Access Data From DB

3. I wrote the designer code below, which takes the backend data and binds it to the label controls' Text property.

Designer Code

4. Notice that our payload executes as soon as the web form loads.

XSS Payload Executed Successfully
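As an added example (not the post's own ViewRegisterDetails.aspx code), here is the same DB-to-Label data flow as a self-contained C# console program: the verbatim assignment that reproduces the post's result sits beside the output-encoded form that stops it. The in-memory row, class and method names are constructed for the demonstration; a real code-behind would read the row with SqlDataReader instead.

```csharp
// Added example, not the author's code. Simulates what happens when the
// row stored earlier (id=5) is read back and bound to a Label's Text property.
using System;
using System.Collections.Generic;
using System.Net;

public static class ViewRegisterDemo
{
    // Constructed stand-in for the DB row the post reads for id=5.
    public static readonly Dictionary<string, string> RowFromDb =
        new Dictionary<string, string>
        {
            ["Name"]  = "\"><script>alert(1)</script>", // payload stored by the signup form
            ["Email"] = "user@example.com"
        };

    // Vulnerable pattern, equivalent to: lblName.Text = reader["Name"].ToString();
    // Label.Text is rendered verbatim, so stored markup becomes live markup.
    // ValidateRequest only inspects the incoming request; it does nothing for
    // data that is read back from the database.
    public static string RenderVulnerable(string name) =>
        "<span id=\"lblName\">" + name + "</span>";

    // Hardened pattern, equivalent to: lblName.Text = HttpUtility.HtmlEncode(...);
    // Encoding at output time turns '<', '>' and '"' into text the browser
    // will not parse as tags or attributes.
    public static string RenderEncoded(string name) =>
        "<span id=\"lblName\">" + WebUtility.HtmlEncode(name) + "</span>";

    // Quick check for a tester: does an executable <script> tag survive in the
    // rendered output? True means the stored payload is live.
    public static bool ContainsRawScriptTag(string html) =>
        html.IndexOf("<script", StringComparison.OrdinalIgnoreCase) >= 0;

    public static void Main()
    {
        string name = RowFromDb["Name"];
        string vulnerable = RenderVulnerable(name);
        string encoded = RenderEncoded(name);

        Console.WriteLine("Vulnerable: " + vulnerable);
        Console.WriteLine("Encoded:    " + encoded);
        Console.WriteLine("Script tag live (vulnerable): " + ContainsRawScriptTag(vulnerable));
        Console.WriteLine("Script tag live (encoded):    " + ContainsRawScriptTag(encoded));
    }
}
```

The encoded output reaches the browser as `&quot;&gt;&lt;script&gt;...`, which is displayed as text rather than executed, regardless of how the value got into the DB.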

This is the best way to understand the complete execution of Stored XSS.

Please like and comment, and also follow me on Medium and LinkedIn for more reads!

Thanks!


Works @t @pple. Ethical Hacker, Vulnerability Assessment and Penetration Tester, Bug Hunter, Security Researcher, Optimistic, Philanthropist.

Mohammad Mohsin